Symantec Security Response - Microsoft RPC DCOM Interface Buffer Overrun vulnerability

On September 10, Microsoft released an urgent security bulletin detailing three vulnerabilities in the RPC DCOM subsystem used by the Windows family of operating systems. Microsoft has provided a patch and is strongly encouraging administrators to patch their systems. As a result of this new vulnerability, Symantec Security Response has raised the ThreatCon rating from a Level 1 to a Level 2. As you may recall, the Blaster/Welchia worms took advantage of a similar vulnerability - the Microsoft RPC DCOM Interface Buffer Overrun vulnerability announced in July 2003.

At this time, Symantec Security Response has not seen exploit code targeting this vulnerability in widespread public distribution. However, given the attention that the Microsoft RPC DCOM subsystem has received from the security community in recent weeks, Symantec Security Response believes that a working exploit may be launched in the near future.

System administrators are urged to apply the patch provided by Microsoft immediately to avoid exposure to this threat. Symantec also cautions administrators that systems previously patched to counter the Blaster/Welchia worms are still exposed to these new vulnerabilities.